Audit: Albuquerque doesn't effectively limit computer access

Published: Monday, July 23, 2001

Associated Press

ALBUQUERQUE {AP} An audit of computer security warns that employees who have been fired from jobs with the city of Albuquerque still could have passwords that could get them into sensitive computer records.

"Terminated employees may have access to highly sensitive areas, such as the jail and police systems, if their access is not removed," according to a report by the city's office of internal audit, which focused on a computer system used by 1,200 employees.

Authorized workers have user names and passwords. But the audit said the city has no effective system for eliminating access by people who transfer to other departments or leave their city jobs.

Good security procedures would require that their names be removed on a timely basis when they leave, the audit said.

It recommended that workers be required to change their computer passwords regularly for security; that forms with information about various users be kept in secure places; that user access be reviewed periodically; and that accounts automatically terminate if they are inactive for a period of time, such as 90 days.

The audit said the city's information systems division and department of finance and administrative services generally agreed with the audit's suggestions.